Privacy and Data Protection Officer

Location: Nottingham
Salary: Negotiable
Posted: 17 Oct 2017
Closes: 14 Nov 2017
Ref: 00074638
Contact: Recruitment Genius Ltd
Function: IT
Contract Type: Permanent
Hours: Full Time

One of the fastest growing technology businesses in the UK is looking to recruit a Privacy and Data Protection Officer.

The Privacy and Compliance Officer is responsible for the development, implementation, and enforcement of policies, procedures, and practices necessary to ensure that ERT products/services comply with all applicable US, EU and regional privacy laws and regulations and conform to industry best practices for clinical trial, health care and employee privacy and security.

Applicable requirements include, but are not limited to, the EU General Data Protection Regulation (GDPR), the HIPAA Privacy and Security Rules, and relevant provisions in the HITECH Act. The Privacy and Compliance Officer will be the designated point of contact who receives privacy and security-related inquiries and complaints, if any, associated with ERT service activities and who is able to provide guidance on privacy, compliance and security-related matters.

Main duties:

Serves as the Privacy and Compliance liaison with local Data Protection Authorities (DPA)

Works with ERT legal counsel and Sr. Management, key departments, and committees to ensure ERT has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.

Initiates, facilitates and promotes activities to foster information privacy awareness within the organization and related entities. Develops employee training programs and translates statutory and policy obligations into implementable privacy and security requirements.

Serves as information privacy consultant to the organization for all departments and appropriate entities.

Produces privacy and compliance documentation, including Privacy Risk Assessments, risk analyses, incident reports, and related artifacts.

Responsible for specifying and documenting privacy and security regulations and associated compliance requirements, performing privacy impact assessments, documenting administrative, physical, and technical security requirements and working with project management and operational team members to ensure that all privacy and security requirements are adequately addressed.

Skills needed:

Strong knowledge of the EU General Data Protection Regulation (GDPR) on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Strong knowledge of HIPAA and other privacy and security laws, regulations, and corresponding practices.

General knowledge of global compliance requirements by geographic area (US, EU, APAC, etc.).

Formal education or professional experience in law, privacy, public policy, or health care; Pharmaceutical/Clinical Trial experience preferred.

Experience working in environments that process personally identifiable information (PII) or protected health information (PHI).